Aggregating 2 log fields

basavesh · July 28, 2025, 2:24pm

I have a log file which contains header (printed once per file) & body (multiple log blocks) as shown below.

Server name = abcdefgh123
Time = 07/09/24 12:23:22 AM

Country = US
Total = 10
Status = Red

I am pushing logs with help of filebeat.
Log flow - Filebeat -> Logstash -> Elasticsearch.

Here I am trying to aggregate header with each body block, but its failing as all the logs are sent as single event.

Please help if anyone have faced this and know the solution.

Topic		Replies	Views
Aggregate data using filebeat Beats filebeat	4	1180	April 28, 2021
Copy field on event Logstash	1	1340	June 27, 2017
ELK - Aggregating Fields from 2 different messages into a single log Logstash	2	393	July 2, 2018
Regroup fields logstash Logstash	2	234	July 23, 2019
Processing multiline events from filebeat Logstash	5	355	May 2, 2018